Detecting concurrency bugs in higher-order programs through abstract interpretation

Manually detecting bugs in concurrent programs is hard due to the myriad of thread interleavings that needs to be accounted for. Higher-order programming features only exacerbate this difficulty. The need for tool support therefore increases as these features become more widespread. We investigate the P(CEK*)S abstract machine as the foundation for tool support for detecting concurrency bugs. This abstract interpreter analyzes multi-threaded, higher-order programs with shared-store concurrency and a compare-and-swap synchronization primitive. In this paper, we evaluate two different approaches to reduce the size of the state space explored by the abstract interpreter. First, we integrate abstract garbage collection into the abstract interpreter, and we observe that it does not reduce the state space as expected. We then evaluate the impact of adding first-class support for locks on the machine's client analyses. To this end, we compare a cas-based and a lock-based formulation of race condition and deadlock detection analyses. We show that adding first-class support for locks not only significantly reduces the number of abstract program states that need to be explored, but also simplifies formulating the client analyses.

[1]  Helmut Veith,et al.  Progress on the State Explosion Problem in Model Checking , 2001, Informatics.

[2]  Edmund M. Clarke,et al.  Symbolic Model Checking with Partitioned Transistion Relations , 1991, VLSI.

[3]  David Gay,et al.  Effective static deadlock detection , 2009, 2009 IEEE 31st International Conference on Software Engineering.

[4]  Suresh Jagannathan,et al.  Locality Abstractions for Parallel and Distributed Computing , 1994, Theory and Practice of Parallel Programming.

[5]  Alexander Aiken,et al.  Effective static race detection for Java , 2006, PLDI '06.

[6]  Christoph von Praun,et al.  Detecting synchronization defects in multi-threaded object-oriented programs , 2004 .

[7]  David A. Schmidt,et al.  Program Analysis as Model Checking of Abstract Interpretations , 1998, SAS.

[8]  David Van Horn,et al.  Abstracting abstract control , 2013, 1305.3163.

[9]  Armin Biere,et al.  Bounded model checking , 2003, Adv. Comput..

[10]  Patrice Godefroid,et al.  Model checking for programming languages using VeriSoft , 1997, POPL '97.

[11]  Suresh Jagannathan,et al.  A concurrent abstract interpreter , 1994, LISP Symb. Comput..

[12]  Stephen N. Freund,et al.  Type-based race detection for Java , 2000, PLDI '00.

[13]  Edmund M. Clarke,et al.  Symbolic Model Checking: 10^20 States and Beyond , 1990, Inf. Comput..

[14]  Dawson R. Engler,et al.  RacerX: effective, static detection of race conditions and deadlocks , 2003, SOSP '03.

[15]  Doron A. Peled,et al.  Ten Years of Partial Order Reduction , 1998, CAV.

[16]  Eran Yahav,et al.  Cartesian Partial-Order Reduction , 2007, SPIN.

[17]  Matthew Might,et al.  Introspective pushdown analysis of higher-order programs , 2012, ICFP.

[18]  Matthew Might,et al.  Abstracting abstract machines , 2010, ICFP '10.

[19]  Dawson R. Engler,et al.  A few billion lines of code later , 2010, Commun. ACM.

[20]  Amr Sabry,et al.  The essence of compiling with continuations , 1993, PLDI '93.

[21]  P. Cochat,et al.  Et al , 2008, Archives de pediatrie : organe officiel de la Societe francaise de pediatrie.

[22]  Armin Biere,et al.  Applying static analysis to large-scale, multi-threaded Java programs , 2001, Proceedings 2001 Australian Software Engineering Conference.

[23]  Matthew Might,et al.  Improving flow analyses via ΓCFA: abstract garbage collection and counting , 2006, ICFP '06.

[24]  Martin C. Rinard,et al.  ACM Conference on Object-Oriented Programming, Systems, Languages and Applications (OOPSLA), November 2002 Ownership Types for Safe Programming: Preventing Data Races and Deadlocks , 2022 .

[25]  Yuanyuan Zhou,et al.  Learning from mistakes: a comprehensive study on real world concurrency bug characteristics , 2008, ASPLOS.

[26]  Martín Abadi,et al.  Types for safe locking: Static race detection for Java , 2006, TOPL.

[27]  Klaus Havelund,et al.  Model checking JAVA programs using JAVA PathFinder , 2000, International Journal on Software Tools for Technology Transfer.

[28]  Martín Abadi,et al.  Types for Safe Locking , 1999, ESOP.

[29]  Matthew Might,et al.  A Family of Abstract Interpretations for Static Analysis of Concurrent Higher-Order Programs , 2011, SAS.

[30]  Gerard J. Holzmann,et al.  The SPIN Model Checker - primer and reference manual , 2003 .

[31]  Rahul Agarwal,et al.  Automated type-based analysis of data races and atomicity , 2005, PPoPP.

[32]  Martin C. Rinard,et al.  A parameterized type system for race-free Java programs , 2001, OOPSLA '01.

[33]  Suresh Jagannathan,et al.  Analyzing stores and references in a parallel symbolic language , 1994, LFP '94.

[34]  Martin Rinard,et al.  Safejava: a unified type system for safe programming , 2004 .

[35]  James C. Corbett,et al.  Bandera: extracting finite-state models from Java source code , 2000, ICSE.

[36]  Michael D. Ernst,et al.  Static Deadlock Detection for Java Libraries , 2005, ECOOP.

[37]  Lars-Åke Fredlund,et al.  McErlang: a model checker for a distributed functional programming language , 2007, ICFP '07.